Word	Bits	Name	Description

0	31:28	PktCmd	Packet forwarding command:
			0: Discard packet.
			1: Forward packet.
			2: Return packet to CPU.
			3-15: Reserved
	27:20	Reserved
	19:16	PktDst	Forwarding destination for
			the packet:
			0: Processor Engine
			1: Security Engine
			2: Line Interface
			3: PPPoE Interface
			4: Tunnel Interface
			6-15: Reserved
	15:0	PktMTU	Packet MTU
1	31	NAT_IP	Perform NAT on IP addresses.
	30	DropCpuPkt	If this bit is set and the Pkt desc is
			HW_COH the packet is dropped
	29	NAT_TCP	Perform NAT on TCP/UDP
			port addresses.
	28	ReplaceRM	Replace Rate-Marking field
			in SF header.
	27	ReplaceID	Replace IP header ID field with
			incremented PktID.
	26	ValidCRC	Validate IP header checksum.
	25	DecrTTL	Decrement the IP or MPLS header
			TTL value.
	24	ReplacePRI	Replace Priority field in SF header.
	23:16	TOS/EXP	IP TOS/MPLS EXP replacement
			value
	15:8	TOS/EXP	Enables for IP TOS/MPLS EXP
		Enables	replacement. (Set high to replace bit)
	7:4	MPLS	MPLS Operation Code
		Operation	0: NOP
			1: PUSH
			2: POP_PEEK
			3: POP_FWD
			4: SWAP
			5: POP_L2VPN_NULL
			6:POP_L2VPN_CTRL
	3	PWE3	PWE3 special case handling of
		Enable	L2 packets.
	2	PWE3	PWE3 control word should be added.
		Control	Used when CW is “optional”.
	1:0	Reserved
2	31:0	StatsOutPtr0	Memory pointer to egress statistics
			block 0.
3	31:0	StatsOutPtr1	Memory pointer to egress statistics
			block 1 (Always assumed enabled)
4	31:16	HdrOffset	Indicates the number of bytes before
			the start of payload when an
			application specific header is located.
			Used for PPPoE. Also used for
			detunneling, indicates the number of
			bytes to strip before detunneling.
	15:0	HdrLen	Byte length of the transform header.
5	31:0	HdrPtr	Memory pointer to the transform
			header data.
6	31:0	NAT.IPSrc	IP source address NAT replacement
			value.
7	31:0	NAT.IPDst	IP destination address NAT
			replacement value.
8	31:16	NAT.TCPSrc	TCP/UDP source Port NAT
			replacement value.
	15:0	NAT.TCPDst	TCP/UDP destination port
			NAT replacement value.
9	31:0	PktIdPtr	Memory pointer to packet ID value.
10	31:0	MeterOutPtr0	Memory pointer to egress metering
			control block 0.
11	31:0	MeterOutPtr1	Memory pointer to egressmetering
			control block
1.
12	31:8	Reserved
	7:0	EgressQosIndex	Mode and memory pointer to the
			egress QOS translation table
13	31:0	L3 HeaderPtr	Memory pointer to the L3
			encapsulation header
14	31:0	L3 HeaderSize	Size of the L3 encapsulation header
15	31:16	FCBTag	The value of the corresponding FCB
			pending tag must be written here to
			associate the TCB with the flow.
			A value of 0 needs to be written
			in prefix mode.
	15:0	TCPChkAdj	TCP Checksum adjustment for
			TCP transforms.

To update a Transform Control Block (TCB), host software sends a control packet containing a PFE_EGRESS_WR message with an address parameter that points to the new TCB. Software should issue the TCB update control packet before issuing the packet being forwarded. This ensures that the forwarded packet is processed according to the updated TCB.

There are a couple fields used to maintain packet order and associate the TCB with a specific flow. In flow mode, where several NEW packets for a flow could be sent to the CPU, there is a danger that once the CPU updates the TCB and FCB a packet could be hardware forwarded while the CPU still has packets for that flow. In one embodiment, packet order is maintained by a conflict cache in the DMA engine. Alternatively, packet order may be enforced by the TCB. When the TCB is written the DropCpuPkt bit should be zero, this will allow the CPU to send the NEW packets it has for that flow. However, when the first FWD_HW packet is seen with this bit clear, the forward engine will update the TCB and set this bit. Subsequent packets from the CPU (recognized because they are marked FWD_HW_COH) will be dropped.

There is also a consistency check performed between the FCB and the TCB. On ingress, the SF header SrcChan is replaced with the PendingTag field of the FCB. On egress, the SrcChan is compared against the FCBTag field of the TCB. If the tags mismatch, the packet is dropped. For prefix mode the SrcChan is replaced with zero, and the FCBTag field is initialized to zero.

In its simplest form, the packet header transformation involves the replacement of some number of header bytes of an ingress packet with some number of bytes of replacement header data. Under the control of a Transform Control Block, the PFE egress unit can selectively replace and recompute specific fields in a small set of protocol headers.

The PFE egress unit begins the header transform by stripping the incoming packet's SF header along with the number of bytes indicated by the SF header offset field. At that point, the controller will begin copying bytes from the buffer pointed to by the TCB's HDRPTR field into the egress packet buffer. The PFE will copy the number of new header bytes defined by the TCB's HDRLEN field.

After performing this header replacement, the PFE then goes through the TCB enable bits to determine what other header transformations need to be made. The sections below explain some of these transformations.

The PFE uses the TCB HDRLEN field to update the SF header length field for outgoing packets. By default, the PFE retains the SF header RM (rate marking) and PRI (priority) fields from the incoming packet in the outgoing packet. When the associated TCB's ReplaceQOS field is set, the PFE replaces the incoming RM and PRI fields with the values set in the TCB's header block. The PFE also replaces the RM field for outgoing packets when rate marking is enabled in the TCB. In cases where the hardware detects an exception that requires software processing, the PFE returns packet to the CPU and sets the SF header error code to 0x7.

The PFE egress controller supports independent replacement of the IP source and destination addresses to support IP NAT. It also supports replacement of the IP Type-of-Service (TOS) field. When enabled, the PFE egress controller will decrement the IP Time-To-Live Field and can conditionally replace the IP identification field based on the Transform Control Block's ReplaceID field. For a particular flow with the TCB ReplaceID field enabled, the PFE fetches the ID from the memory location pointed to by the TCB's PktIdPtr field. PFE increments the stored ID value after it replaces a packet's ID field.

For each IP header field transform, the PFE computes and applies an adjustment to the IP header checksum field. With a separate bit in the TCB, host software can request that the PFE validate the ingress IP header checksum field.

If the TCB PktDst field indicates that the packet is destined to the Security Engine, then the PFE egress controller replaces the security engine header Fragment Size field. If the TCB ReplaceID field is also set, the PFE performs packet ID replacement in the security engine header instead of the egress packet IP header.

If the TCB PktDst field indicates that the packet includes a PPPoE header, then the PFE egress unit must update the PPPoE payload length field before transmitting the packet. Software indicates the location of the PPPoE header by setting the TCB HdrOffset field to the number of bytes between the start of the PPPoE Header and the start of the L3 packet payload. The PFE egress unit will then update the last 2 bytes of the 6-byte PPPoE header with the packet's payload length. It computes the PPPoE payload using the following formula:
PPPoE Payload Length=L3 Payload Length+TCB HdrOffset Value−PPPoE header length (6 bytes).

In the event that the hardware detects an exceptional packet that requires software processing, the PFE controllers will return the packet to the CPU with the packet's SF Header Error field set to 0x6 and set the SF SrcChld to an error code. The Switch Fabric Document lists the possible error codes to get placed in the SF SrcChld.

The PFE egress unit independently rate limits ingress and egress packets, if enabled. As part of rate limiting, the PFE meters, marks and drops packets. The PFE performs ingress rate limiting before header transformation and performs egress rate limiting after header transformation. Software controls metering and rate marking using a combination of Metering Control Blocks (MCBs) and fields in the TCB and ingress Statistics Blocks.

The PFE implements both ingress and egress rate metering and marking according to the two-rate three color marker (trTCM) definition in RFC 2698. Per this definition, in color-blind mode the PFE marks the drop precedence color of a packet as Green if it does not exceed the CBS, Yellow if it exceeds the CBS but not the PBS, and Red if it exceeds both CBS and PBS. The packet's color is encoded into the rm field of the LQ header. The PFE increments the C and P buckets by the CIR and PIR values, respectively, in 1 ms intervals.

The PFE egress unit may optionally drop Yellow or Red packets or may color packets for a downstream dropper. The RateInCtl and RateOutCtl fields of the TCB control whether and how to drop packets on ingress and egress rate limiting.

A set of Metering Control Blocks (MCBs) maintained in system memory contain per flow (VR, VI, or ACL) trTCM parameters. Table 11 defines the MCB data structure in accordance with one embodiment of the present invention. Hardware provides three logical metering units: VI-based ingress metering, flow-based ingress metering, and flow-based egress metering. The TCB contains two MCB pointers for flow-based metering. The VI-based MCB pointer is contained in the VI-based stats block and will be discussed in more detail below.

TABLE 11

Metering Control Block

Word	Bits	Name	Description

0	31:0	Green_bytes	Bottom 32 bits of green-metered
		(lower)	bytes count.
1	31:0	Ctokens	Number of bytes in Ctoken bucket
2	31:0	Ptokens	Number of bytes in Ptoken bucket
3	31:0	Metered_pkts	Bottom 32 bits of metered packet count.
		(lower)
4	31:0	Yellow_bytes	Bottom 32 bits of yellow-metered
		(lower)	bytes count.
5	31:0	Red_bytes	Bottom 32 bits of red-metered
		(lower)	bytes count.
6	31:0	Timeslot	1ms timeslot value.
7	31:0	Reserved
8	31:0	CIR	Committed information rate in
			bytes/timeslot.
9	31:0	PIR	Peak information rate in
			bytes/timeslot.
10	31:0	CBS	Committed burst size in bytes.
11	31:0	PBS	Peak burst size in bytes.
12	63:32	Metered_pkts	Upper 32 bits of metered packet count.
		(upper)
13	63:32	Green_bytes	Upper 32 bits of green-metered
		(upper)	byte count.
14	63:32	Yellow_bytes	Upper 32 bits of yellow-metered
		(upper)	byte count.
15	63:32	Red_bytes	Upper 32 bits of red-metered
		(upper)	byte count.

Software controls where and how the hardware accesses MCBs by setting up arrangements of MCB pointers. In the present example, the MCB pointer data structure contains a 32-Byte aligned memory pointer along with mode control bits as detailed in the table below. In its simplest form, the pointer field indicates the memory location of a single MCB. In its most complex mode, the pointer indicates the location of an ordered array of up to 8 MCB pointers. When the hardware loads an MCB pointer array, it performs metering and rate marking starting with the first MCB pointer and continuing as directed by the Next Pointer field in the MCB pointer. Software can disable rate marking completely by setting all 4 bytes of the MCB pointer0. The lowest 5 bits should be masked out before using this 4-byte word as the memory pointer.

TABLE 12

MCB Pointer Format

Bit
Field	Name	Description

31:5	Memory	This field contains a memory pointer to an MCB, an
	Pointer	MCB pointer array, or a Rate Marking Translation
		Table. The Metering Mode field determines which
		mode to use. This pointer must be 32-byte aligned.
4:3	Metering	This fields determines to what structure the Memory
	Mode	Pointer field points:
		0: MCB - Color Blind
		1: MCB - Color Aware
		2: MCB Array
		3: Reserved
2:1	Drop Policy	This field indicates the traffic policy:
		0: No dropping
		1: Drop on red marking only
		2: Drop on yellow or red marking
		3: Reserved
0	Next Pointer	This field indicates whether the hardware should
		continue to the next MCB pointer in an array:
		0: Stop after the current pointer
		1: Continue to the next MCB pointer in the array

As a special optimization, software embeds the MCB pointer for the VI-based ingress metering in a reserved field of the VI-based ingress stats block. Software must guarantee that this reserved field of the stats block is always initialized to 0 in the case where metering is not enabled.

The VI-based statistics block also contains two MCB pointers for metering traffic bound for software. One pointer is for best effort traffic and the other is for control traffic. Software must initialize these pointers to 0 if metering is not enabled.

When IP/MPLS packets arrive at the ingress, the PFE uses the QOS pointer in the VI-based ingress stats block. This pointer indicates how the hardware translates the incoming TOS/EXP field into the LQ header's PRI and RM fields. If the pointer is NULL then the translation is skipped.

The ingress QOS translation pointer resides in the last 4 bytes of the VI-based ingress stats block. For IP packets, the ingress table consists of 256 entries, indexed by the incoming packet's IP header TOS field. For MPLS packets, the ingress table consists of 8 entries, indexed by the incoming packet's MPLS EXP field. Each entry is 8 bytes wide (4 B mask, 4 B value). The ingress table entry format, in accordance with one embodiment, is described below:

TABLE 13

Ingress QOS Translation Table Entry Format for IP and MPLS

	Bit
Word	Field	Name	Description

0	31:25	Reserved	Should be zero
	24:25	RM Mask	Rate Marking Mask. Only bits to be replaced
			are high.
	22:20	PRI Mask	Priority Mask. Only bits to be replaced should
			be high.
	19:0	Reserved	Should be zero.
1	31:25	Reserved	Should be zero
	24:23	RM Value	New Rate Marking value
	22:20	PRI Value	New Priority value
	19:0	Reserved	Should be zero.

The egress QOS translation pointer resides in word12 of the associated TCB. The egress table consists of 32 entries indexed by the concatenation of the outgoing packet's {RM, PRII} SF header fields (the RM bits reside in the MSB of the table index). Each entry is 8 bytes wide (4 B mask, 4 B value). Exemplary egress table entry formats for IP and MPLS packets are described below:

TABLE 14

Egress QOS Table Entry Format for IP

	Bit
Word	Field	Name	Description

0	31:24	Reserved	Should be zero.
	23:16	TOS Mask	TOS Mask. Only bits to be replaced should
			be high.
	15:0	Reserved	Should be zero.
1	31:24	Reserved	Should be zero.
	23:16	TOS Value	New TOS value
	15:0	Reserved	Should be zero.

TABLE 15

Egress QOS Table Entry Format for MPLS

	Bit
Word	Field	Name	Description

0	31:12	Reserved	Should be zero.
	11:9	EXP Mask	EXP Mask. Only bits to be replaced should
			be high.
	8:0	Reserved	Should be zero.
1	31:12	Reserved	Should be zero.
	11:9	EXP Value	New EXP value
	8:0	Reserved	Should be zero.

The PFE hardware maintains packet statistics for all packets in Statistics Block data structures. The PFE updates both statsOutPtr0 and statsOutPtr1 egress packet statistics after header transformation. Along with the TCB stats block pointers for egress statsOutPtr0 and statsOutPtr1 flow statistics, the PFE also maintains per-VI ingress statistics using per-protocol tables indexed by LQID.

According to one embodiment, each statistics block contains three sets of counters, one set for normal packets and bytes, another for dropped packets and bytes and a third for packets with errors. The stats block also contains a field for counting the number of packets sent out as a fragmentation. There is a reserved field at the bottom of the stats block may be used for indicating ingress-VI metering control information. It should be initialized to 0 when the stats block is allocated.

TABLE 16

Ingress LQID Statistics Block

Word	Bits	Name	Description

0:1	63:0	Trans_pkts	Number of packets transmitted.
2:3	63:0	Trans_bytes	Number of bytes transmitted.
4:5	63:0	Dropped_pkts	Number of packets dropped.
6:7	63:0	Dropped_bytes	Number of bytes dropped.
8:9	63:0	Error_pkts	Number of packet with errors.
10:11	63:0	Error_bytes	Number of bytes with errors.
12	31:0	MeterSwBEPtr	Pointer to meter block for software bound
			best effort traffic
13	31:0	MeterSwCtlPtr	Pointer to meter block for software bound
			control traffic
14	31:0	LQID	Pointer to Ingress VI rate-limiting
			control block.
		Metering Ptr	Software should initialize this field to 0
			when allocating the stats block.
15	31:8	FlowCapIndex	Index into table of Flow cap structures.
	15:10	Flag bits	Mode dependent
	9:8	Mode	0 - Normal, 1 - L2 VPN, 2:3 - Reserved.
	7:0	IngressQosInd	Index into an array to TOS to RM/PRI
		x	translation tables. Software should
			initialize this field to 0 (disabled) when
			allocating the stats block.

TABLE 17

Egress Flow Statistics Bytes

Word	Bits	Name	Description

0:1	63:0	Trans_pkts	Number of packets transmitted.
2:3	63:0	Trans_bytes	Number of bytes transmitted.
4:5	63:0	Dropped_pkts	Number of packets dropped.
6:7	63:0	Dropped_bytes	Number of bytes dropped.
8:9	63:0	Error_pkts	Number of packets with errors.
10:11	63:0	Error_bytes	Number of bytes with errors.
12:13	63:0	Frag_pkts	Number of fragment packets transmitted
14:15	63:0	Frag_bytes	Number of fragment bytes transmitted..

The stats block pointer is bimodal in that it can points to single stats block or in the future to an array of stats block pointers. In array mode, the host software can associate up to 8 stats blocks with each of the TCB stats pointer fields. The PFE will traverse the table of pointers starting at the first entry and continuing as directed by the Next Pointer field. Software disables a table entry by setting all 4-bytes of the stats block pointer to 0. StatsOutPtr1 of the TCB is always assumed to be enabled to save instructions. If the either StatsOutPtr0 or StatsOutPtr is setup to point to something other than a stats block, then there can be dangerous memory corruption of that block and eventually other memory blocks.

TABLE 18

Statistics Block Pointer Format

Bit
Field	Name	Description

31:5	Pointer	PFE memory address to the associated stats block. The
		stats block is assumed to be 64-byte aligned.
4:2	Reserved
1	Pointer	Defines whether the pointer field points to a stats block
	Mode	or to an array of stats block pointers:
		0: Stats Block
		1: Stats Block Pointer Array
0	Next	This field indicates whether the hardware should
	Pointer	continue to the next stats block pointer in array:
		0: Stop after the current pointer.
		1: Continue to the next stats block pointer.

In both prefix-mode and flow-mode, the PFE hardware maintains per-VI ingress statistics in a set of tables of stats blocks indexed by the packets LQID and LQ protocol. The hardware selects a table using the packet's LQ protocol field and then selects the table entry using the LQID as an index. Per-VI ingress statistics are maintained for every packet.

The PFE hardware supports Network Address Translation for IP addresses and for TCP/UDP port addresses. When software enables IP or TCP/UDP NAT, it must also provide the associated replacement addresses and checksum adjustments in the corresponding TCB fields. When the hardware detects one of the NAT enable bits is set to ‘1’, it will always replace both the source and destination addresses. If software intends to translate only the source address, it must still supply the correct destination address in the TCB replacement field. Similarly, the software must also supply the correct source address in the TCB replacement field when it is just replacing the destination address.

The checksum adjustment should be computed as follows:
ChkAdj=aNew+˜aOld+bNew+˜bOld+cNew+˜cOld
where the + is a one's complement addition (meaning any carry bits are looped back and added to the LSB) and ˜ is the inversion of all.

In one embodiment, on the ingress side, alllayer2 packets are distinguished bybit5 of the SF header protocol field being set. The PFE micro-code checks this bit and jumps to separate L2 header loading logic when it is set. Separate code-points for each L2/L3 protocol are defined in the SF spec, jumping to the proper parsing logic is done by using the entire SF protocol (including the L2 bit) field as an index into a jump table and jumping to that instruction which causes a jump to the proper code segment. One of the functions of the L2 parsing logic is to determine the size of the variable length L2 headers and increment the SF offset field by that amount (in some cases, such asde-tunneling 2^ndpass) so that the PFE egress will strip off that part of the header. In addition, the SF protocol field may be changed (also 2^ndpass de-tunneling) to another protocol type depending what the underlying packet type is. This is also determined by the parsing logic and causes the proper egress code path to be taken.

Tunneling is the trivial case for L2 packet transformation. On the ingress side, a PPP packet arrives (LAC case), is parsed to get the protocol field for the hash, and the flow hash performed to determine the flow index. No SF header offset or protocol modification is done in this case. The actual tunneling is performed via the TCB on the egress side.

On the egress side, a new header is appended to the packet via normal TCB processing. In this case, the header would include IP/UDP/L2TP headers. Then all IP/MPLS specific transform logic is skipped and statistics, metering, etc is performed. The only new processing on the egress side is to update the ID field of the newly added IP header, and re-compute the IP checksum. To support this, a new PktDst code-point “Tunnel Interface” has been added. When the micro-code detects this code-point, the IP header (assumed to be just after the SF header) ID field is modified in a similar fashion as for “Security Engine” destined packets. The PktIdPtr field in the TCB is used to point to the current packet ID, the ID is read from memory, used to modify the IP header, incremented, and written back to memory. In this way, all that software needs to do to set-up for a tunnel is to set the TCB up with the properly formatted header block, ID header pointer, initialized ID value, and set the PktDst field to Tunnel.

For the LNS case, an IP packet is received on the ingress side and goes through normal IP header parsing logic and egress IP processing. According to one embodiment, the only difference is that the added TCB header must contain IP/UDP/L2TP/PPP in its contents. Everything else is as described above for the LAC case.

The De-Tunneling case is much tougher and involves two pass processing as well as two stage flow learning. In this case the incoming packet consists of IP-UDP-L2TP-PPP-IP-XXX-payload. The first pass is just like any normal IP packet, on the ingress the IP header is parsed and the flow hash is performed to determine a flow index. On the egress side normal IP TCB processing will be performed. Software must set-up the new header block with a new SF header such that the packet comes back (via the SF destination fields) to the ingress side of the PFE again for the second pass. In addition this new SF header must contain one of the newly defined L2 protocol code-points L2TP_LAC (41 including L2 bit), or L2TP_LNS (42 including L2 bit), and the SF offset field should be set with the proper offset to cause the 2^ndpass processing to look at the L2TP header.

According to the present example, on the second pass, the SF offset field now points to the L2TP-PPP-IP-XXX-payload part of the packet. Depending on the L2 protocol code-point the L2 parsing logic will go to different depths into the packet to gather the hash words for the flow hash. In the L2TP₁₃LAC case only the L2TP header is parsed. In the L2TP_LNS case, the parsing goes into the encapsulated IP and even TCP/UDP headers, if present. This parsing again tells the egress logic how many bytes to adjust the SF offset field and which protocol to change the SF protocol field. For the LAC case, the protocol field will be changed to PPP and the offset field adjusted to point at the PPP header. For LNS it is changed to IP and the offset adjusted to point at the IP header. Changing of the protocol and offset fields in this manner causes the egress side to process what is left of the packet in the proper manner. The LAC case results in a PPP packet being sent to the egress logic, in this case all IP/MPLS specific logic is skipped and only stats/metering micro-code is executed. In the LNS case, an IP packet is presented to the egress and processed the same way as any other IP packet.

Tunneling packets via GRE is performed in exactly the same manner as for L2TP. IP/MPLS or some other packet type is received on the ingress side and processed normally by the ingress micro-code. On the egress side normal TCB header processing adds a SF/IP/GRE header to the packet. The PktDst “Tunnel” is detected which tells the egress micro-code to modify the outer IP header of the outgoing packet (in the same manner as described for L2TP) and the tunneling is complete.

De-Tunneling of GRE packets is done in the same two pass manner as L2TP with only the 2^ndpass parsing logic being different. On the ingress side, an IP packet is received (with protocol=47) and processed normally. On the egress side, the TCB adds a new SF header containing the L2 protocol type GRE, and a SF Dst field which causes the packet to be switched back to the ingress for a 2^ndpass. Again, this SF header should also contain an offset field that points 2^ndpass processing to the embedded GRE header.

On the 2^ndpass, the GRE parsing logic is executed (via the SF protocol jump table) to gather the required fields for the flow hash and to determine the size of the L2 header and what underlying protocol is being tunneled. Which fields are used in the flow hash is determined by the parsing logic depending on what is being tunneled. The SF offset field is incremented to point at the tunneled packet; and for IP or MPLS the SF protocol field is changed to those corresponding code-points.

On the 2^ndpass egress side, the underlying tunneled packet is processed depending on the SF protocol field. If an IP or MPLS packet was tunneled, then they are processed as any IP or MPLS packet would. If some other protocol was tunneled, then the protocol field was not changed by the 2^ndpass ingress micro-code and the code-point still is L2 GRE. This packet is processed as any L2 packet, skipping all IP/MPLS specific transforms and jumping straight to stats/metering. In this case, the underlying tunneled packet is just forwarded as is, without any special processing.

PWE3 tunneling is a special case, which is done on an LQ basis. In this case, the ingress packet will be received with some L2 protocol (Ethernet, VLAN, PPP, AAL5, Frame Relay) but will not be processed as such, instead a per LQ enable is provided in the statistics block which will tell the micro-code that special handling is required. According to one embodiment, this feature is enabled when the 2 bit mode field in the stats block is set to 1 (L2 VPN mode). When this is detected by the ingress micro-code, it causes the flow hash to be computed using only the LQID.

In one embodiment, on the egress side, 2 bits are provided in the TCB, one for PWE3 enable, and one for control word tag enable. The egress micro-code will check the PWE3 enable bit for all L2 packets and if it is enabled will perform special PWE3 handling. This includes stripping of any required headers from the L2 packet and tagging on of the control word between the SF/Tunnel/VC header added by the TCB and the remainder of the L2 packet. When the egress micro-code detects an L2 packet with the PWE3 enable bit set in the TCB, it looks at the SF protocol field to determine a further course of action. For AAL5 and Frame Relay, the control word is required and some of the L2 packet must be discarded. In these cases, the micro-code will load the proper amount of header (2 byte frame header for frame relay, and 16 byte Maker header for AAL5) to construct the control word. After creating the control word, the header is discarded by subtracting the correct amount from the packet length. The control word is then added to the packet at the proper location on transmit by putting it in the new L3 header. For all other protocols, the control word is optional, so the control word enable bit is checked and if set a “dummy” control word will be added in the same manner as before.

De-Tunneling of PWE3 packets is performed on the egress side with the addition of a couple of new MPLS operation code-points (POP_L2VPN_NULL and POP_L2VPN_CTRL). On the ingress side, an MPLS packet is received and hashed normally to determine the flow index. In one embodiment, the MPLS tag is actually a “Martini” VC header and is popped in a special way by the egress micro-code. When one of these two MPLS operations is encountered, the micro-code will look at the new SF header (added via the TCB) protocol field to determine what to do next. If the protocol is AAL5 or Frame Relay, then a control word is present and is pulled off and used to modify the L2 header template following the SF header in the TCB header block. Any other protocol field, such as VLAN, Ethernet, or PPP, for example, will cause the MPLS operation to be looked at again. If the operation is POP-L2VPN_NULL, then de-tunneling is complete, if it is POP_L2VPN_CTRL, then the “dummy” optional control word is pulled off and discarded before de-tunneling is complete.

The embodiments of the invention described above are provided for completeness and sake of illustration. Although specific embodiments have been illustrated and described herein, it will be appreciated by those of ordinary skill in the art that any arrangement which is calculated to achieve the same purpose may be substituted for the specific embodiments shown. This application is intended to cover any adaptations or variations of the invention. It is intended that this invention be limited only by the claims, and the full scope of equivalents thereof.